[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Tue Aug 14 08:10:44 UTC 2018
The branch, master has been updated
via 292258e Add Samba 4.8.4, 4.7.9 and 4.6.16 Security Releases.
from 7d3713f NEWS[4.9.0rc2]: Samba 4.9.0rc2 Available for Download
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 292258e0ac65123a0ba2587a56011da7dee2dd80
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Aug 14 09:51:12 2018 +0200
Add Samba 4.8.4, 4.7.9 and 4.6.16 Security Releases.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
history/header_history.html | 3 +
history/samba-4.6.16.html | 61 +++++++++++++++
history/samba-4.7.9.html | 78 ++++++++++++++++++++
history/samba-4.8.4.html | 89 ++++++++++++++++++++++
history/security.html | 25 +++++++
posted_news/20180814-075125.4.8.4.body.html | 31 ++++++++
posted_news/20180814-075125.4.8.4.headline.html | 3 +
security/CVE-2018-10858.html | 62 ++++++++++++++++
security/CVE-2018-10918.html | 72 ++++++++++++++++++
security/CVE-2018-10919.html | 98 +++++++++++++++++++++++++
security/CVE-2018-1139.html | 78 ++++++++++++++++++++
security/CVE-2018-1140.html | 77 +++++++++++++++++++
12 files changed, 677 insertions(+)
create mode 100644 history/samba-4.6.16.html
create mode 100644 history/samba-4.7.9.html
create mode 100644 history/samba-4.8.4.html
create mode 100644 posted_news/20180814-075125.4.8.4.body.html
create mode 100644 posted_news/20180814-075125.4.8.4.headline.html
create mode 100644 security/CVE-2018-10858.html
create mode 100644 security/CVE-2018-10918.html
create mode 100644 security/CVE-2018-10919.html
create mode 100644 security/CVE-2018-1139.html
create mode 100644 security/CVE-2018-1140.html
Changeset truncated at 500 lines:
diff --git a/history/header_history.html b/history/header_history.html
index 34d9a9b..faec972 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,10 +9,12 @@
<li><a href="/samba/history/">Release Notes</a>
<li class="navSub">
<ul>
+ <li><a href="samba-4.8.4.html">samba-4.8.4</a></li>
<li><a href="samba-4.8.3.html">samba-4.8.3</a></li>
<li><a href="samba-4.8.2.html">samba-4.8.2</a></li>
<li><a href="samba-4.8.1.html">samba-4.8.1</a></li>
<li><a href="samba-4.8.0.html">samba-4.8.0</a></li>
+ <li><a href="samba-4.7.9.html">samba-4.7.9</a></li>
<li><a href="samba-4.7.8.html">samba-4.7.8</a></li>
<li><a href="samba-4.7.7.html">samba-4.7.7</a></li>
<li><a href="samba-4.7.6.html">samba-4.7.6</a></li>
@@ -22,6 +24,7 @@
<li><a href="samba-4.7.2.html">samba-4.7.2</a></li>
<li><a href="samba-4.7.1.html">samba-4.7.1</a></li>
<li><a href="samba-4.7.0.html">samba-4.7.0</a></li>
+ <li><a href="samba-4.6.16.html">samba-4.6.16</a></li>
<li><a href="samba-4.6.15.html">samba-4.6.15</a></li>
<li><a href="samba-4.6.14.html">samba-4.6.14</a></li>
<li><a href="samba-4.6.13.html">samba-4.6.13</a></li>
diff --git a/history/samba-4.6.16.html b/history/samba-4.6.16.html
new file mode 100644
index 0000000..fc04d9b
--- /dev/null
+++ b/history/samba-4.6.16.html
@@ -0,0 +1,61 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.6.16 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.6.16 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.16.tar.gz">Samba 4.6.16 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.6.16.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.15-4.6.16.diffs.gz">Patch (gzipped) against Samba 4.6.15</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.6.15-4.6.16.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ ==============================
+ Release Notes for Samba 4.6.16
+ August 14, 2018
+ ==============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-10858 (Insufficient input validation on client directory
+ listing in libsmbclient.)
+o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
+ server.)
+
+
+=======
+Details
+=======
+
+o CVE-2018-10858:
+ A malicious server could return a directory entry that could corrupt
+ libsmbclient memory.
+
+o CVE-2018-10919:
+ Missing access control checks allow discovery of confidential attribute
+ values via authenticated LDAP search expressions.
+
+
+Changes since 4.6.15:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
+ returns from malicious servers.
+
+o Tim Beale <timbeale at catalyst.net.nz>
+ * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
+ searches.
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.7.9.html b/history/samba-4.7.9.html
new file mode 100644
index 0000000..0fe7d80
--- /dev/null
+++ b/history/samba-4.7.9.html
@@ -0,0 +1,78 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.7.9 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.7.9 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.9.tar.gz">Samba 4.7.9 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.7.9.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.8-4.7.9.diffs.gz">Patch (gzipped) against Samba 4.7.8</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.7.8-4.7.9.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.7.9
+ August 14, 2018
+ =============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-1139 (Weak authentication protocol allowed.)
+o CVE-2018-10858 (Insufficient input validation on client directory
+ listing in libsmbclient.)
+o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
+o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
+ server.)
+
+
+=======
+Details
+=======
+
+o CVE-2018-1139:
+ Vulnerability that allows authentication via NTLMv1 even if disabled.
+
+o CVE-2018-10858:
+ A malicious server could return a directory entry that could corrupt
+ libsmbclient memory.
+
+o CVE-2018-10918:
+ Missing null pointer checks may crash the Samba AD DC, over the
+ authenticated DRSUAPI RPC service.
+
+o CVE-2018-10919:
+ Missing access control checks allow discovery of confidential attribute
+ values via authenticated LDAP search expressions.
+
+
+Changes since 4.7.8:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
+ returns from malicious servers.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
+ not servicePrincipalName is set on a user.
+
+o Tim Beale <timbeale at catalyst.net.nz>
+ * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
+ searches.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
+ is disabled via "ntlm auth".
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/samba-4.8.4.html b/history/samba-4.8.4.html
new file mode 100644
index 0000000..2942de0
--- /dev/null
+++ b/history/samba-4.8.4.html
@@ -0,0 +1,89 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Samba 4.8.4 - Release Notes</title>
+</head>
+<body>
+<H2>Samba 4.8.4 Available for Download</H2>
+<p>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.gz">Samba 4.8.4 (gzipped)</a><br>
+<a href="https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.asc">Signature</a>
+</p>
+<p>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.8.3-4.8.4.diffs.gz">Patch (gzipped) against Samba 4.8.3</a><br>
+<a href="https://download.samba.org/pub/samba/patches/samba-4.8.3-4.8.4.diffs.asc">Signature</a>
+</p>
+<p>
+<pre>
+ =============================
+ Release Notes for Samba 4.8.4
+ August 14, 2018
+ =============================
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2018-1139 (Weak authentication protocol allowed.)
+o CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
+o CVE-2018-10858 (Insufficient input validation on client directory
+ listing in libsmbclient.)
+o CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
+o CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
+ server.)
+
+
+=======
+Details
+=======
+
+o CVE-2018-1139:
+ Vulnerability that allows authentication via NTLMv1 even if disabled.
+
+o CVE-2018-1140:
+ Missing null pointer checks may crash the Samba AD DC, both over
+ DNS and LDAP.
+
+o CVE-2018-10858:
+ A malicious server could return a directory entry that could corrupt
+ libsmbclient memory.
+
+o CVE-2018-10918:
+ Missing null pointer checks may crash the Samba AD DC, over the
+ authenticated DRSUAPI RPC service.
+
+o CVE-2018-10919:
+ Missing access control checks allow discovery of confidential attribute
+ values via authenticated LDAP search expressions.
+
+
+Changes since 4.8.3:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13453: CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
+ returns from malicious servers.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13374: CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
+ with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140
+ * BUG 13552: CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
+ not servicePrincipalName is set on a user.
+
+o Tim Beale <timbeale at catalyst.net.nz>
+ * BUG 13434: CVE-2018-10919: acl_read: Fix unauthorized attribute access via
+ searches.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 13360: CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
+ is disabled via "ntlm auth".
+
+o Andrej Gessel <Andrej.Gessel at janztec.com>
+ * BUG 13374: CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
+ ltdb_index_dn_attr().
+
+
+</pre>
+</p>
+</body>
+</html>
diff --git a/history/security.html b/history/security.html
index 4321668..aa6b4fb 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,31 @@ link to full release notes for each release.</p>
</tr>
<tr>
+ <td>14 Aug 2018</td>
+ <td><a href="/samba/ftp/patches/security/samba-4.8.3-security-2018-08-14.patch">
+ patch for Samba 4.8.3 (all CVEs)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.7.8-security-2018-08-14.patch">
+ patch for Samba 4.7.8 (all CVEs except CVE-2018-1140)</a><br />
+ <a href="/samba/ftp/patches/security/samba-4.6.15-security-2018-08-14.patch">
+ patch for Samba 4.6.15 (CVE-2018-10858 and CVE-2018-10919)</a><br />
+ <td>Numerous CVEs. Please see the announcements for details.
+ </td>
+ <td>please refer to the advisories</td>
+ <td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10858">CVE-2018-10858</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10918">CVE-2018-10918</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10919">CVE-2018-10919</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1139">CVE-2018-1139</a>,
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1140">CVE-2018-1140</a>
+ </td>
+ <td><a href="/samba/security/CVE-2018-10858.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-10918.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-10919.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-1139.html">Announcement</a>,
+ <a href="/samba/security/CVE-2018-1140.html">Announcement</a>
+ </td>
+ </tr>
+
+ <tr>
<td>13 Mar 2018</td>
<td><a href="/samba/ftp/patches/security/samba-4.7.5-security-2018-03-13.patch">
patch for Samba 4.7.5</a><br />
diff --git a/posted_news/20180814-075125.4.8.4.body.html b/posted_news/20180814-075125.4.8.4.body.html
new file mode 100644
index 0000000..42b90fa
--- /dev/null
+++ b/posted_news/20180814-075125.4.8.4.body.html
@@ -0,0 +1,31 @@
+<!-- BEGIN: posted_news/20180814-075125.4.8.4.body.html -->
+<h5><a name="4.8.4">14 August 2018</a></h5>
+<p class=headline>Samba 4.8.4, 4.7.9 and 4.6.16 Security Releases Available for Download</p>
+<p>
+These are security releases in order to address<br>
+<a href="/samba/security/CVE-2018-10858.html">CVE-2018-10858</a>
+(Insufficient input validation on client directory listing in libsmbclient.),<br>
+<a href="/samba/security/CVE-2018-10918.html">CVE-2018-10918</a>
+(Denial of Service Attack on AD DC DRSUAPI server.),<br>
+<a href="/samba/security/CVE-2018-10919.html">CVE-2018-10919</a>
+(Confidential attribute disclosure from the AD LDAP server.),<br>
+<a href="/samba/security/CVE-2018-1139.html">CVE-2018-1139</a>
+(Weak authentication protocol allowed.) and<br>
+<a href="/samba/security/CVE-2018-1140.html">CVE-2018-1140</a>
+(Denial of Service Attack on DNS and LDAP server.).
+</p>
+<p>
+The uncompressed tarballs have been signed using GnuPG (ID 6F33915B6568B7EA).<br>
+The 4.8.4 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.8.3-4.8.4.diffs.gz">patch against Samba 4.8.3</a> is also available.
+Please see the <a href="https://www.samba.org/samba/history/samba-4.8.4.html">release notes</a> for more info.
+<br>
+The 4.7.9 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.7.9.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.7.8-4.7.9.diffs.gz">patch against Samba 4.7.8</a> is also available.
+Please see the <a href="https://www.samba.org/samba/history/samba-4.7.9.html">release notes</a> for more info.
+<br>
+The 4.6.16 source code can be <a href="https://download.samba.org/pub/samba/stable/samba-4.6.16.tar.gz">downloaded now</a>.
+A <a href="https://download.samba.org/pub/samba/patches/samba-4.6.15-4.6.16.diffs.gz">patch against Samba 4.6.15</a> is also available.
+Please see the <a href="https://www.samba.org/samba/history/samba-4.6.16.html">release notes</a> for more info.
+</p>
+<!-- END: posted_news/20180814-075125.4.8.4.body.html -->
diff --git a/posted_news/20180814-075125.4.8.4.headline.html b/posted_news/20180814-075125.4.8.4.headline.html
new file mode 100644
index 0000000..c31a250
--- /dev/null
+++ b/posted_news/20180814-075125.4.8.4.headline.html
@@ -0,0 +1,3 @@
+<!-- BEGIN: posted_news/20180814-075125.4.8.4.headline.html -->
+<li> 14 August 2018 <a href="#4.8.4">Samba 4.8.4, 4.7.9 and 4.6.16 Security Releases Available for Download</a></li>
+<!-- END: posted_news/20180814-075125.4.8.4.headline.html -->
diff --git a/security/CVE-2018-10858.html b/security/CVE-2018-10858.html
new file mode 100644
index 0000000..dd91a22
--- /dev/null
+++ b/security/CVE-2018-10858.html
@@ -0,0 +1,62 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2018-10858.html
+
+<p>
+<pre>
+===========================================================
+== Subject: Insufficient input validation on client directory
+== listing in libsmbclient.
+==
+== CVE ID#: CVE-2018-10858
+==
+== Versions: Samba 3.2.0 - 4.8.3 (inclusive)
+==
+== Summary: A malicious server could return a directory entry
+== that could corrupt libsmbclient memory.
+==
+===========================================================
+
+===========
+Description
+===========
+
+Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
+libsmbclient that could allow a malicious server to overwrite
+client heap memory by returning an extra long filename in a directory
+listing.
+
+==================
+Patch Availability
+==================
+
+Patches addressing this issue have been posted to:
+
+ http://www.samba.org/samba/security/
+
+Samba versions 4.6.16, 4.7.9 and 4.8.4 have been released with fixes for
+this issue.
+
+==========
+Workaround
+==========
+
+None
+
+=======
+Credits
+=======
+
+This vulnerability was found by Svyatoslav Phirsov and was fixed
+by Jeremy Allison of Google and the Samba team.
+</pre>
+</body>
+</html>
diff --git a/security/CVE-2018-10918.html b/security/CVE-2018-10918.html
new file mode 100644
index 0000000..61df6fb
--- /dev/null
+++ b/security/CVE-2018-10918.html
@@ -0,0 +1,72 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2018-10918.html
+
+<p>
+<pre>
+====================================================================
+== Subject: Denial of Service Attack on AD DC DRSUAPI server
+==
+== CVE ID#: CVE-2018-10918
+==
+== Versions: All versions of Samba from 4.7.0 onwards.
+==
+== Summary: Missing null pointer checks may crash the Samba AD
+== DC, over the authenticated DRSUAPI RPC service.
+==
+====================================================================
+
+===========
+Description
+===========
+
+All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
+service attack which can crash the "samba" process when Samba is an
+Active Directory Domain Controller.
+
+Missing database output checks on the returned directory attributes
+from the LDB database layer cause the DsCrackNames call in the DRSUAPI
+server to crash when following a NULL pointer.
+
+This call is only available after authentication.
+
+There is no further vulnerability associated with this error, merely a
+denial of service.
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 4.8.4 and Samba 4.7.9 have been issued as a
+security release to correct the defect. Patches against older Samba
+versions are available at http://samba.org/samba/patches/. Samba
+vendors and administrators running affected versions are advised to
+upgrade or apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+No workaround is possible while acting as a Samba AD DC.
+
+=======
+Credits
+=======
+
+The issue was reported by Volker Mauel. Andrew Bartlett of Catalyst
+and the Samba Team provided the test and patches.
+</pre>
+</body>
+</html>
diff --git a/security/CVE-2018-10919.html b/security/CVE-2018-10919.html
--
Samba Website Repository
More information about the samba-cvs
mailing list